CVE-2024-50139: 
Linux Kernel vulnerability analysis and mitigation

A shift-out-of-bounds bug was discovered in the Linux kernel's KVM ARM64 implementation. The vulnerability (CVE-2024-50139) affects the ARM64 KVM subsystem when running virtual machines with Memory Tagging Extension (MTE) enabled on the host kernel. The issue was identified in Linux kernel versions from 6.3 up to (excluding) 6.6.59 and from 6.7 up to (excluding) 6.11.6, as well as versions 6.12-rc1 through 6.12-rc4 (NVD).

The vulnerability occurs in the reset_clidr function within arch/arm64/kvm/sys_regs.c where a shift operation with an exponent of 33 is performed on a 32-bit integer type, causing an out-of-bounds condition. This was detected by UBSAN (Undefined Behavior Sanitizer) during VM execution with MTE enabled. The issue stems from using an incorrect integer type for the shift operation, where a 32-bit integer was used instead of a 64-bit one (Kernel Patch). The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (MEDIUM) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability could lead to undefined behavior in the kernel when running virtual machines with MTE enabled. While there are no direct confidentiality or integrity impacts reported, the vulnerability could potentially result in a denial of service condition affecting the availability of the system (NVD).

The vulnerability has been fixed by changing the integer type used in the shift operation from a 32-bit to a 64-bit unsigned long long (ULL) type. The fix has been implemented in the kernel patch that modifies the sys_regs.c file. System administrators should update their Linux kernel to versions that include this fix (Kernel Patch).